The Data Matrix code is a high-density two-dimensional barcode symbology that allows a large amount of information, up to 2,335 alphanumeric characters or 3,116 numeric characters, to be represented in a small area of about 1 cm2. The Data Matrix code is in the public domain. The Data Matrix is in the form of a matrix of juxtaposed dots or squares.
The Data Matrix code complies with the ISO IEC16022 standard. Under this standard, the Data Matrix symbol can contain various levels of robustness, known as Error Checking and Correction or “ECC”, allowing it to be read even when partially degraded or obscured. The standard allows several variants of the Data Matrix, from ECC000 that offers no robustness if the symbol is degraded, such as 1D barcodes (EAN 13, etc.) to ECC200 offering the highest level of security (a symbol remains legible with up to about 20%).
The main area of application of Data Matrix is for marking very small mechanical or electronic members. It is used, among others, by NASA (“National Aeronautics and Space Administration”) for marking each of the component members of the space shuttles. In typical applications, it is used for postage in some countries, such as Switzerland, and more recently for some mobile applications, where it is often called a “Tag” (or label). Flashcode (registered trademark) is a proprietary commercial implementation using the Data Matrix standard.
The Data Matrix ECC200 is among the standards adopted by GS1 (acronym for “Global Standard”) and a recent opinion of the AFSSAPS (acronym for “Agence Francaise de Securite Sanitaire des Produits de Sante”—the French Health Products Safety Agency) indicates that, by January 2011, all medicines subject to an authorization to market will comprise, in addition to current legal mentions, a 2D Data Matrix code containing a number of predefined pieces of information.
The Data Matrix was designed to maximize the amount of data that can be stored in image form, such that the decoding machines, or readers, of this data (based on a captured image) are fast and reliable. It has not, however, been designed to secure the stored data, just as this problem arises more and more.
Thus, Data Matrix decoding is performed according to an open standard, and does not incorporate any cryptographic key to encrypt and/or apply a digital signature to the data. The stored message data, however, can be encrypted or digitally signed before being modulated to form the Data Matrix. Thus, the source and integrity of a message can be guaranteed, without the possibility for anyone to falsify a legitimate message (i.e. change its content) or to pretend to be the author of a legitimate message.
However, cryptographic techniques offer no protection against exact duplication or “cloning” of Data Matrix data. In many anti-counterfeiting applications, however, protection against these exact duplicates is essential, because counterfeiters can easily make a perfect copy of a document, packaging or other object comprising a Data Matrix if it does not contain any copy protection elements. Some track and trace applications allow the products to be tracked through the entire supply chain using the identifier contained in the Data Matrix: in this way, they can determine the presence of duplicates if an identifier is found more than once, or identify anomalies in the distribution if the identifier points to a product that should be elsewhere in the supply chain.
It is certain that unitary traceability at all levels of the supply chain is an aid in combating counterfeiting even if, in the end, it does not make it possible to determine which of two apparently identical products is the original. However, in most cases, such a traceability system is too costly or simply impossible to implement, because it must be centralized so that two products with the same Data Matrix found in two different locations can be identified as such.
This is why rights holders who use Data Matrix often use other means to ensure the authenticity of a document or product. For example, several solutions are based on secure labels, which combine an authenticator such as a hologram or OVD (acronym for “Optically Variable Device”) positioned close to the Data Matrix. Unfortunately, the means used are generally expensive and inefficient. Expensive, in that many authentication technologies require advanced technology for the construction of optical effects. Inefficient, in that increasingly, the optical effects can be mimicked with sufficient accuracy at low cost. Furthermore, these effects do not provide intrinsic protection of the identifier. For example, if a set of documents containing the authentication means is stolen, arbitrary Data Matrix codes can be applied to it.
The Data Matrix can be “secured” against copying by marking, for example, with special inks. However, counterfeiters are able to obtain special inks more and more easily, and this solution is not truly secure, while remaining costly. For many applications, therefore, the Data Matrix codes are applied by laser ablation.
Document US 2008/0252066 proposes to print multi-color 2D barcodes, whose reading and/or authentication requires the printed code to be illuminated by different light sources and/or spectral filters. Unfortunately, the use of multiple inks is both costly and complex to produce, and requires specialized image capture means for detection, which limits the authentication possibilities. In addition, such an approach does not offer high security against a determined opponent who can easily find the types of inks used, and determine the printed codes with the appropriate spectral lighting.
Document US 2008/110990 proposes applying a rotation to the print head, the effect of which can subsequently be detected and measured on the basis of a captured image of a printed barcode. However, the document implicitly acknowledges that the method it describes can only detect copies made with a printing means that does not allow print head rotation. Thus, this invention does not offer real protection against counterfeits made with the same printing means, and is restrictive in that it requires the use of a particular print medium, greatly limiting its use.
Document WO 2008/003964 proposes methods for introducing a second level of information in 1D and 2D barcodes by varying information-bearing elements such that they represent the second level of information, e.g. by enlarging or reducing the cell size of a Data Matrix, or by cropping or not cropping the extremities of its black cells. This approach solves some of the shortcomings of the prior art, because the second level of information, which can be used for authentication, is inserted at the time of printing; this is convenient and inexpensive. It is secure in regards to counterfeiters who are not aware of this method and who only duplicate the barcode by reproducing the first-level information. The second level can, however, be easily copied exactly by a counterfeiter who is aware of its presence. Besides, that document states that the second information level can be copied by high-quality printing means, even though copy-proofing properties are maximized (see page 12, lines 9-12 of that document).